Sunday, December 19, 2010

A drunk Serbian man reportedly has become a hero in Egypt

I saw this Tweet today from the New York Post: 


New York PostDrunk Serbian man reportedly has become a hero in Egypt -- by accidentally killing a shark with his butt http://t.co/ztqqx9S


I bought it hook line and sinker (hee). I mean what a story! A Serbian man reportedly has become a hero in Egypt -- by accidentally killing a shark with his butt while drunk. The article says that one "Dragan Stevic" was soused to the gills (not my fish reference) while partying at the Red Sea resort Sharm El Sheikh when he he inadvertently felled the beast that had been terrorizing tourists for weeks.


Stevic reportedly cannonballed into the water from a high-diving board, according to a Macedonian news outlet. Instead of making a splash, he reportedly came down right on the shark's head, killing the toothed terror instantly.  The story goes on to say that "The fun-loving party boy was immediately touted as a local hero who saved tourist season, which had dried up after the shark had injured three people and killed one vacationer. Stevic swam to shore and is currently in the hospital recovering from alcohol poisoning."

 Read more from the New York Post
.

What happens when an outlandish story goes viral? Is there a lesson here for emergency managers?  Of course!  Rumor control can be a full time job.  Social media can put rumors on steroids but it can also help quickly debunk urban legends like this. It took me about 5 seconds to find out that this was a hoax that several news organizations took to be real news.


According to "Carolina Beach Today it turns out that the original story shows a picture of the shark dead on the beach. That photo is apparently a shot of a Basking Shark which washed ashore near Duck, NC last year. 


This viral "news item" titled "Sharks Wary of Drunk Serbs" quickly became a popular search item leading people to the blog.  


The original story on a Macedonian site repored that:


“Dragan climbed on the jumping board, told me to hold his beer and simply ran to jump. There was no time for me to react or to try to stop him, he just went for it” says Milovan.
“Dragan jumped high and plunged down to the sea, but didn’t make as much splash as we thought he would”, explained Milovan.


To see the original English version of the story, go to: http://macedoniaonline.eu/content/view/17081/48/

I love satire... 

Steve

Friday, December 10, 2010

3rd Annual Regional State Border Coordination Workshop


All Hazards Consortium - 3rd Annual Regional State Border Coordination Workshop

On January 24-25, 2011, the states and urban areas of the All Hazards Consortium (AHC) will hold the 3rd Annual Regional State Border Coordination Workshop. The AHC will further develop the findings and discussions that came out of the 2nd Annual State Border Coordination Workshop regarding existing catastrophic evacuation planning efforts within the states of NC, VA, DC, MD, WV, PA, DE, NJ & NY including challenges and opportunities to achieve the long-term vision of a coordinated plan and support of integrated planning.  Breakout sessions cover: credentialing, mass care, transportation, resource management and situational awareness.

I will be attending the workshop again this year as a facilitator. We have helped with the facilitation of this event each year and have found it to be a worthwhile and positive effort. 

Last year. over 190 people from various states, federal and private organizations jointly discussed many topics at this two-day meeting. Several common themes became apparent during the 2010 Workshop:

  • Governance: There is a need for an overall regional governance structure for planning activities and a coordinated regional incident command and control structure for use during and after an event.
  • Collaboration: The region needs a mechanism for on-going regional collaboration activities.
  • Coordination: There is an ongoing need for regional planning and collaboration between homeland security, emergency management, transportation, law enforcement, public health, the private sector and other related organizations.
  • Resources: The regional officials need to know what resources are available and from whom before an event occur and need a mechanism to coordinate resources that are available from both the public and private sector.
  • Funding. A regional funding and sustainability strategy is needed.
Everyone was in general agreement that a regional effort of this magnitude is a considerable challenge but that it could be accomplished if everyone works together.  The 2011 Workshop will build on the outcome of the previous year's efforts and gauge the regional progress in enhancing capabilities related to cross border issues. I hope that you can join me there.

For more information, or to register, visit www.ahcusa.org

Monday, November 8, 2010

Corporate sponsorship of disaster relief, is it altruism?

A recent article which was shared via the IAEM Discussion Group got me writing this morning. The article discussed “corporate social responsibility” efforts in Java, in response to the volcanic eruption there. The story observes how the "disaster relief teams aim to augment efforts by a stretched Indonesian government to house, clothe and feed evacuees from the volcano."

According to the story, representatives of various companies are working on the mountain said their efforts are "entirely altruistic", and balked at any suggestion that the aid teams double as a marketing campaign for the companies. But local residents and evacuees were not so sure.

“Why can’t they just do the good stuff, but without the advertising?” 
“Why can’t they just use plain white vehicles or something?”

Dave, who posted this to IAEM, found this article interesting for the ethical aspects. When doing good for someone or when providing relief during crises, Dave thinks that most of us in this field follow a moral imperative.
"To wit, we help our fellow human beings because it's the right and good thing to do."
So, should we castigate companies for advertising their wares during a crisis? Or should we be grateful?

This question, "What are your thoughts on corporate sponsorship of disaster relief?" got me thinking...

And I think it is a good thing. And a little free advertising is not a bad thing. We need private industry involved in disaster response and relief. Whether they donate it or get paid to do it, private industry have much more resources that f/s/l agencies and VOADs do and they are much better in distribution than we are. If they get a bit of advertising and good press for their efforts, it is only fair when they are giving away tons of stuff and money. For example: Anheuser-Busch has donated 5.7 million cans of water to relief efforts for Hurricane Katrina. You can see the can here:

While there is certainly a need and a place for donations, the idea of us giving away stuff as the response to disaster needs to change IMHO. If you have heard Administrator Fugate talk about the "Whole of Community", you know that the concept is that the community needs to do more in the event of a disaster. To me, corporate America is part of our community.
“We need to move away from the mindset that federal and state governments are always in the lead, and build upon the strengths of our local communities and, more importantly, our citizens. We must treat individuals and communities as key assets rather than liabilities.”  - Craig Fugate, FEMA Administrator
After seeing people drive past an open supermarket to go line up for hours to get free ice and water, I think he has a point. If the big box stores and other retailers can get open we do not need to be giving stuff away. If the community can take care of itself, we do not need to swoop down and hand out water. Public and private organizations and love to make donations after disasters, so much so that Donation Management becomes a huge problem. Maybe it is time to rethink this and change.

As for the moral imperative to help your neighbor? Of course there is such an imperative but better that we help them prepare than give them stuff they should already have or be able to get in their community. Do we need to send truck loads of donated clothing and water? Maybe not. Maybe in some communities but not all. Maybe we cannot get there due to the size and scale of the catastrophe. Maybe the community needs to be able to take care of itself for a while.

My final thought on moral imperatives and altruism (to benefit others over one's own interests). I do not think there is much true altruism in what we or corporations do. We do it because we have a reason. The reason may be because it is what we do, how we were raised, what we believe in, what our job is, or because we think it will benefit us. A story about Abe Lincoln describes an example.

One day while President Lincoln was going to the Congress, he saw a helpless pig stuck in the mud. He felt pity for the animal and wondered how he would feel if he was in the pig's place. He decided to help the pig. He told his driver to stop the carriage, so that he could pull the pig out of the mud.

The driver stopped the carriage, and President Lincoln got out. The driver said to the President, "You wait, I will take him out. I don't want your clothes to get dirty."

The President replied "I do not care for my clothes. The pig's life is more important."

The driver said, "Please wait and let me try. If I fail, I will ask for your help."

The driver tried very hard, but he could not pull the pig out of the mud. So the president helped the driver pull the pig out. While doing that the President's clothes became very dirty. The driver offered to take him back home so that he could change his clothes. The president however told him that he did not want to be late for the meeting, and asked him to drive towards the Congress building.

When he reached at the meeting, everyone wondered what happened to the president. The driver explained everything. He told them how the president saved the life of a helpless pig. Everybody in Congress praised the president for his kindness.

When you show kindness, friendship and love towards other living beings, you get lot of happiness and satisfaction in return. You also get regards from others.

In another version of this story the President is to have said that he did it because he would have felt awful if he did not help. That is the motivation to help, you just don't want to feel bad for not helping, you want to feel good to have helped. Perhaps that is why many of us are in this business...

Thanks, now that I have posted this, I feel better!

Steve Davis

Saturday, October 9, 2010

National UASI Homeland Security Conference


I am currently beginning work on the 2011 National UASI Homeland Security Conference.  This will be the 5th one.  It should be getting easier but it is not...


The National Urban Areas Security Initiative Conference, Inc. in cooperation with The Department of Homeland Security, Federal Emergency Management Agency, Grants Programs Directorate, is hosting its 5th annual conference in San Francisco.  The theme for the 2011 conference is “Creating Capabilities through Regional Collaboration”. The conference will provide an opportunity for stakeholders from all areas of homeland security and emergency preparedness to gather together and exchange important information to make our country safer. The conference will include all grants under the Homeland Security Grant Program.

June 20-22, 2011
National UASI Homeland Security Conference
San Francisco, California

Friday, June 25, 2010

Best Practices Request



Our web site at www.all-hands.net was created as an Emergency Manager's Toolbox and still serves that purpose (as recently mentioned in the IAEM newsletter).

I would like to encourage all of you to use it to share documents with other Emergency Managers. We have shared a lot through this list and that site in the past and hear that it has been very useful.

I now want to ask for your help. I am working on two best practice research projects. If any of you have information on best practices for evacuation and/or playbooks/FOGs/SOGs plans, documents, and related tools, please let me know. I can treat it as close hold or share it on the site, whichever you prefer.

You can reach me at Steve at All-Hands.net

Regards,

Steve Davis, All Hands

Sunday, June 6, 2010

Consulting Honorably

There is an old saying that "There is honor among thieves". Honor connotes personal integrity and a belief in certain moral principles, and it can exist even among thieving bastards apparently.

Today I ask the question: Is there honor among emergency management consultants?

Obviously there are no absolutes in life; and, in my experience, in consulting there are honorable and not-so-honorable consulting companies and individuals.

My past experience with “partner firms” has been good and bad. I have some good partners and some soon-to-be-ex partners thanks to varying degrees of honor that they have exhibited.

If someone says there is honor among thieves, they usually mean that even corrupt criminals can have a sense of honor or integrity, or justice, even if it is skewed by disregard of the law. Teams of people (thieves or consultants) can accomplish more than individuals in almost any undertakings. Customs, mores and informal rules evolve in a group. It is not good to disrupt the team by treating each other unfairly.

"We must be able to trust each other in order to be maximally effective."

Why would a consultant want to make this comparison to thieves to his business? Good question, we do not think that consultants are thieves obviously but there is an important parallel to discuss.

First, some background is in order. If you are familiar with All Hands Consulting, you know that we are a large consortium of individual emergency management consultants and small firms. While we often work as a prime that builds teams of independent consultants to serve our client’s needs, we sometimes partner with larger firms to help meet their staffing requirements. While specific “no compete” language in contracts is often used to protect the various business relationships we each have, the issue of honor in the business relationship is not always clear in black and white. We rely to some degree on the integrity and loyalty of our associates but we also expect partner firms to treat our team members as “All Hands Consultants” and not work to use them independently of us.

We do not force our consultants to be exclusive to us as we want them to have the ability to work for others when they can but we do not want to do the work on the front end of the relationship only to be cut out of other projects.

We expect honor in business dealing and will avoid working with those that do not exhibit it.

By “honor in business” I mean that we each treat the other with respect and work toward “mutually beneficial” business ventures. But honor also means that we do not try to work outside of the established relationships that we have forged. For instance, I would expect that neither the client, nor the prime, would try to work with our team members independent of us. While this is clear in most contracts, it is a principal that is sometimes breeched. For example, we cooperate on a bid with another firm and we offer resumes to help staff the projects. We expect that the prime firm and other partners would not attempt to use our resumes on other jobs independent of All Hands. But, as you can guess, that does happen. Some consulting firms actually forge so called “strategic partnerships” only to work behind our backs to use our people against us without our knowledge.

In business, the “honor among thieves” rule becomes "we must treat each other with respect”. If we are to continue working together, it is certainly not good business to cheat your partner. So, treat “the other thieves” with honor or else find yourself on the outside looking in.

"Dance with the one what brung ya" in other words.'

Obviously, teams of people can form social groups and accomplish more than individuals. A team of thieves can be organized and cooperate; so can consultants. Thieves steal. It is good to steal if you are a thief. It is not good to disrupt steal from each other. Consultants work to earn their pay, it is not good to disrupt the working relationship along the way...

So here are some rules for you to consider if you are in the consulting business and you want to prosper as part of a “team of rivals”:

1. Treat each other with respect and honor.
2. Do not use the “letter of the law” to hide behind.
3. Do not steal resumes from a partner firm.
4. Do not try to steal a client.
5. Remember those that helped you on the way up.
6. Do not use resumes to win a job and then forget the person when you start the work.
7. Communicate, collaborate and cooperate with your partners.
8. Do not expect to build a bridge with broken promises.
9. Be fair in your business dealings.
10. Give credit to those that deserve it.

Obviously, All Hands Consulting lives by these rules and expects others to do so as well. We trust our consultants and will only work with other firms that we can trust as well.

Saturday, May 1, 2010

Job Opportunities with All Hands Consulting

Here is an update on current projects we are working on at All Hands. If you are interested, please drop me a line and an up-to-date resume along with rate requirements and availability.

Disaster Reservists. We continue to recruit for disaster reservists for mass care missions. Should the "big one" happen we will likely be asked on short notice to support coordination, field operations and shelter management along with possible support to feeding, base camps, logistics, etc. (If you are already signed up with our partner ConOps there is no need to reapply.) See more information at http://allhandsconsulting.com/pr08.htm

EOC Operations. We are looking for good people to include on a proposal that we are working on . Candidates must have "hands-on” experience with an EOC (to include JOC, ROC, etc.) at the federal or state level with 24/7/365 operations. Work would be part-time and may only require limited travel to support planning activities towards operation of an EOC, this is not staffing the EOC at this point.

Oil Spill. As the Deepwater Horizon oil spill has begun to reach some shorelines this morning, we expect potential requests to support operations on the ground there. Most likely this will be EOC support (IMT type) missions. This event will require extraordinary coordination of federal, state, local, and sector resources to contain and clean up the mess. If you are experienced working in ICS organizations and free to deploy for an extended period, let me know.

Planners. We continue to pursue catastrophic planning projects and have recently won a new task order. We are always looking for good planners with local, state or federal experience including military planners. We are working with several other firms and may be able to refer you for work or use you as a sub on any projects we capture. If you are interested let me know.

REP. We may support a bid on Radiological Emergency Preparedness (REP) Planning and Exercise work. If you are an experienced REP planner and not constrained by non-compete provisions in contracts with other firms, please let me know if you are interested.

Florida. We are picking up a little work in Florida and hope to be bidding on more soon as some procurements start to come out. We are in under contract now as a “prequalified” contractor with Miami-Dade.

Facebook. Finally, please join us on facebook. We have a corporate page at http://all-hands.net/url/ahcfacebook and a Community page at http://all-hands.net/url/ahdnfb.



Regards,



Steve Davis, All Hands

Phone: 410-730-5677

Fax: 866-236-5999

http://www.allhands.us

http://www.linkedin.com/in/allhands

Wednesday, March 31, 2010

All Hands Consulting is recruiting for on-call disaster response reservists

Reservists Needed

All Hands Consulting is recruiting for on-call disaster response reservists


Reservists are needed to support FEMA’s response to catastrophic disasters or incidents as defined by the Stafford Act. Deployments will be on short notice for up to 30 days or longer and will require long and/or odd hours in support of emergencies and disasters. In some cases, 12 hour shifts seven-days-a week will be expected. The size and scope of the mission will vary based on the geography, scale and magnitude of damage, type of incident, impact on the national security, and the projected number of affected individuals and households, as well as the availability of resources (housing, personnel, supplies, and materials).


Background, job descriptions, and contact information for interested candidates are included below.


Background: Individual Assistance – Technical Assistance Contracts (IA-TAC)

The Federal Emergency Management Agency (FEMA) has awarded Individual Assistance Technical Assistance Contracts (IA-TAC) to support FEMA's implementation of the agency's ESF6 Mass Care/ Emergency Assistance programs as authorized by the Robert T. Stafford Disaster Relief and Emergency Assistance Act. Managed by FEMA’s Individual Assistance Branch, one of four regional contracts was awarded to the Partnership for Temporary Housing, LLC (PaTH), a partnership between three federal contractors: DynCorp International (www.dyn-intl.com), Dewberry (www.dewberry.com) and Parsons Infrastructure (www.parsons.com). Under the IATAC III contract, PaTH provides a variety of mission support for people affected by disaster incidents, including emergency sheltering, feeding, evacuation, medical services, security, and more.

All Hands Consulting is a subcontractor to PaTH team member CONOPS Consulting. Our contract includes planning and staffing support for FEMA’s Individual Assistance mission. Together these two firms are responsible for providing reservists to PaTH for mass care/emergency assistance program support. As a part of our preparedness efforts, we are augmenting our existing cadre of part-time and intermittent staff to develop a large force of disaster reservists who will be available and prepared to deploy to perform work for PaTH following catastrophic incidents.

PaTH requires individuals with a variety of skills, experience, and technical capabilities to fulfill this mission. We are filling command and general staff positions for PaTH coordination centers at the national and field level as well as staff to manage and support large emergency shelters (see below). All positions are intermittent (part-time), on-call (rapid deployment), with travel and field work required in most cases). Experience with one or more large-scale disaster relief operations is a plus.

Command and General Staff Positions

Senior command and general staff positions, with mass care, logistics, and incident management experience are needed to fill positions in the following command and control facilities:

1. PaTH National Coordination Center located in Falls Church, Virginia.
2. Field Management Team Center located at the disaster site (may be at a base or shelter).
3. Shelter Management Teams located within a shelter facility.

Specific positions are described below.

PaTH National Coordination Center Positions

Located in Falls Church, Virginia.

Applicants should have some mass care knowledge and incident command system training (through ICS 400) and incident management experience. Experience in incident management command and general staff positions required. (Ideally, you should live within reasonable driving distance to the Washington DC metro area.)

PCC Manager (ICS equivalent Incident Commander)

The PCC Manager is responsible for the daily operations at the PCC (national-level coordination center), and leads the PCC Team. Responsible for overall management of the PaTH PCC, establishment of immediate priorities for task order support operations, development of objectives and strategy, organizing and staffing the PCC organization to meet workload demands,
and approval of the incident action plan (IAP).

PCC Deputy Manager (ICS equivalent Operations Chief)


The PCC Deputy Manager is responsible for assisting the PCC Manager with overall management of the PaTH PCC and the establishment of immediate priorities for task order support operations, development of objectives and strategy, organizing and staffing the PCC organization to meet workload demands, and approval of the incident action plan (IAP).

Liaison Officer

The Liaison Officer is responsible for managing and monitoring task order operations and advising the PCC Manager on all matters relating to interagency coordination. Responsible for coordinating continuing contact with cooperating agencies to understand the capabilities, limitations, needs and desires of cooperating agencies, and to identify and resolve any potential interagency problem.

PCC Planning Section Chief

The PCC Planning Section Chief is responsible for collection, evaluation, and dissemination of PaTH response situation information and intelligence to the PCC Manager and PCC management personnel. Assures preparation of status reports, displays situation information, maintains the status of resources assigned to the PaTH response, and prepares and documents the IAP and quality assurance plan, based on Deputy Manager (Operations Section) input and guidance from the Manager; prepares the risk management plan and advises the PCC Manager and other command and general staff on all matters relating to planning for task order operations and support of deployed personnel.

PCC Logistics Section Chief

The PCC Logistics Section Chief is responsible for all logistical support requirements needed to facilitate effective and efficient incident management, including ordering resources from off-incident locations. Provides facilities, security (of the incident command facilities and personnel), transportation, supplies, equipment maintenance and fuel, food services, communications and information technology support, and emergency responder medical services, including inoculations, as required. Responsible for coordinating the systems and procedures necessary to ensure ongoing logistical support for the performance of task orders and implementation of measures to monitor and resolve issues in logistics section activities.

PCC Finance & Admin Section Chief

Responsible for all financial and administrative and cost analysis requirements needed to facilitate effective and efficient incident management. Responsible for coordinating the systems and procedures necessary to ensure ongoing monitoring of multiple task orders and sources of funds, and the accrued cost as the incident progresses; and continued support for the performance of task orders and implementation of measures to monitor and resolve issues in logistics section activities.

Other Positions

Other branch directors and unit leaders will be needed as required by the scope of the incident.

Field Management Team (FMT) Positions

The Field Management Team will be located at the disaster site (may be at a base or shelter).
Applicants must be able to deploy within 12 hours, be on site in 24 hours to western U.S. (including Alaska, Hawaii, and the Pacific Islands). Applicants must have mass care and incident command system (through ICS 400) and incident management experience on large disaster relief operations. Applicants must be able to pass an FBI Background Clearance check and secure a FEMA ID badge. See specific positions below.

The FMT is scalable, based on the size and/ or complexity of the Task Order(s), and may include:

Task Order Manager (TOM) (ICS equivalent Incident Commander)


The TOM is responsible for the daily operations in the field, and leads the Field Management Team. The TOM will ensure that technical and financial objectives are achieved in accordance with the Task Order and FEMA policies and authorities. Depending upon the nature of the Task Order and work to be performed, the FMT may include technical specialists and subject matter experts to support the TOM in operational planning and execution.

Deputy Task Order Manager (DTOM) (ICS equivalent Operations Section Chief)


The DTOM is responsible for operational execution of the Task Order and components. The DTOM is responsible for managing the daily activities of the QC Specialists to ensure that they perform their duties in accordance with IATAC III contract Task Orders.

Senior Disaster Response Specialist (ICS equivalent Planning Section Chief)


The Disaster Response Specialist works with operations and logistics to plan for the next operational period and identify resources needed to accomplish the goals of that operational period.

Logistics Manager (ICS equivalent Logistics Section Chief)


The Logistics Manager is responsible for coordinating PaTH personnel, transportation, hotel accommodations, and property control records for all furnished equipment.

Finance / Admin Manager (ICS equivalent Administration Section Chief)


The Finance / Admin Manager is responsible for contract administration, finance accountability, procurement activities and basic administration during the period of mission performance.

Operations Branch Directors - Other Subcontractors


Task Orders are executed using a variety of resources, including PaTH fulltime staff, temporary/ cadre staff, and subcontractor staff and resources. Subcontractors will staff branch and unit positions and are directed by and report directly to the FMT during execution of TOs.

Quality Assurance/ Quality Control Inspectors


The QA/QC Inspector is responsible for conducting inspections, recording inspection data, planning inspections (including preparation and set-up of shelters), evaluating the validity and acceptability of inspection, examination and testing results, reporting inspection, examination and testing results, and providing leadership to lower-level QA/QC Inspectors.

Shelter Management Team Positions


Shelter Management Teams are located within a shelter facility.


Shelter Management Teams include command and general staff positions as well as branch chiefs and specialists operating under the Incident Command System. Shelter Management Team applicants must be able to deploy within 12 hours, arriving on site in 24 hours to western U.S. (including Alaska and Hawaii). Applicants should have shelter management/shelter operations/mass care training and experience, particularly on large disaster relief operations, and be familiar with ICS. Applicants must be able to pass an FBI Background Clearance check and secure a FEMA ID badge.

The following is a list of positions which are currently being recruited.

Shelter Management Team Members:

Shelter Manager
Asst. Shelter Manager
Safety & Security Supervisor
Liaison Officer
Information Officer
Operations Chief
Dormitory Supervisor
Feeding Services Supervisor
Planning Section Chief
Logistics Section Chief
Finance/Administration Section Chief

Other Positions

Other team members will be needed as required by the scope of the incident for specific support functions in a variety of roles required by shelter operations.

Shelter Management General Requirements:


• Experienced in mass care sheltering and/or feeding on a large disaster response operation: shelter manager/supervisor; feeding manager/supervisor; bulk supply distribution, or logistical support of these activities.
• Completion of FEMA Independent Study classes IS 100, 200, 700a, 800b, 26, 288, 701, 806. Otherwise candidate must complete within 30 days of hire. Other related training may be required.
• Must be able to effectively manage multiple priorities under extreme pressure in a highly stressful environment.
• Able to work independently with little supervision, but also work well as part of a cohesive team.
• Able to focus on details while handling multiple tasks independently.
• Proven leadership and interpersonal skills.
• Excellent written and oral communication skills.
• Demonstrate proficiency with Microsoft Office including Outlook, Excel, and Word. SharePoint experience a plus.

Specific duties, responsibilities and qualifications will be available for all positions.
Pay will be established based on experience and qualifications and will be comparable with that of FEMA on-call reservists (Disaster Assistance Employees).

How to Apply

Interested candidates should send a resume to Annette Rhoads at Info@conopsconsulting.com with “PaTH Candidate” in subject line. Time is of the essence but recruitment will stay open indefinitely.

For More Information:
Annette Rhoads
Business Development Consultant
www.conopsconsulting.com
571-215-7633

Tuesday, March 23, 2010

Security and Privacy on Social Networking Sites

I thought that this bulletin from the Emergency Management and Response Information Sharing and Analysis Center (EMR-ISAC) was worthy of a repost.

CIP Bulletin 2-10 March 23, 2010

Security and Privacy on Social Networking Sites

What are the security and privacy issues associated with social networking sites?

Social networking sites have become very popular avenues for people to communicate with family, friends and colleagues from around the corner or across the globe. While there can be benefits from the collaborative, distributed approaches promoted by responsible use of social networking sites, there are information security and privacy concerns. The volume and accessibility of personal information available on social networking sites have attracted malicious people who seek to exploit this information. The same technologies that invite user participation also make the sites easier to infect with malware that can shut down an organization’s networks, or keystroke loggers that can steal credentials. Common social networking risks such as spear phishing, social engineering, spoofing, and web application attacks attempt to steal a person’s identity. Such attacks are often successful due to the assumption of being in a trusting environment social networks create.

Security and privacy related to social networking sites are fundamentally behavioral issues, not technology issues. The more information a person posts, the more information becomes available for a potential compromise by those with malicious intentions. People who provide private, sensitive or confidential information about themselves or other people, whether wittingly or unwittingly, pose a higher risk to themselves and others. Information such as a person’s social security number, street address, phone number, financial information, or confidential business information should not be published online. Similarly, posting photos, videos or audio files could lead to an organization’s breach of confidentiality or an individual’s breach of privacy.

What are the precautions I should take?

Below are some helpful tips regarding security and privacy while using social networking sites:

• Ensure that any computer you use to connect to a social media site has proper security measures in place. Use and maintain anti-virus software and keep your application and operating system patches up-to-date.

• Use caution when clicking a link to another page or running an online application, even if it is from someone you know. Many applications embedded within social networking sites require you to share your information when you use them. Attackers use these sites to distribute their malware.

• Use strong and unique passwords. Using the same password on all accounts increases the vulnerability of these accounts if one becomes compromised.

• If screen names are allowed, do not choose one that gives away too much personal information.

• Be careful who you add as a “friend,” or what groups or pages you join. The more “friends” you have or groups/pages you join, the more people who have access to your information.

• Do not assume privacy on a social networking site. For both business and personal use, confidential information should not be shared. You should only post information you are comfortable disclosing to a complete stranger.

• Use discretion before posting information or commenting about anything. Once information is posted online, it can potentially be viewed by anyone and may not be retracted afterwards. Keep in mind that content or communications on government-related social networking pages may be considered public records.

• Configure privacy settings to allow only those people you trust to have access to the information you post. Also, restrict the ability for others to post information to your page. The default settings for some sites may allow anyone to see your information or post information to your page; these settings should be changed.

• Review a site’s privacy policy. Some sites may share information such as email addresses or user preferences with other parties. If a site’s privacy policy is vague or does not properly protect your information, do not use the site.

Additional Information:

MS-ISAC Monthly Cyber Security Tips Newsletter: Social Networking Sites: How To Stay Safe
OnGuardOnline
StaySafeOnline – National Cyber Security Alliance
Social Networking Privacy - A Parent’s Guide
US-CERT--Staying Safe on Social Network Sites

For more monthly cyber security newsletter tips visit: www.msisac.org/awareness/news/.


FAIR USE NOTICE

This Bulletin may contain copyrighted material that was not specifically authorized by the copyright owner. I believe this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

REPORTING NOTICE

DHS and the FBI encourage recipients of this document to report information concerning suspicious or criminal activity to DHS and/or the FBI. The DHS National Operation Center (NOC) can be reached by telephone at 202-282-9685 or by e-mail at NOC.Fusion@dhs.gov.

Saturday, February 6, 2010

Comprehensive Emergency Management Plans

Whether you call it a Comprehensive Emergency Management Plan (CEMP), or an Emergency Operations Plan (EOP), you are probably wondering about what the best way is to structure your plan given the new FEMA Comprehensive Preparedness Guide, CPG 101. We have long stressed the need to adapt the plan to the local concept of operations but always start a CEMP project by lookin at the ConOps to see if it should be adjusted. The central question is normally related to organizing under the Incident Command System (ICS) or by Emergency Support Functions (ESFs).

Background

A jurisdiction's Comprehensive Emergency Management Plan (CEMP) establishes a framework for an effective comprehensive emergency management program. A CEMP describes the basic strategies, assumptions, policies, operational goals and objectives, and mechanisms through which a jurisdiction will mobilize resources and conduct activities to guide and support emergency management efforts through prevention, preparedness, response, recovery, and mitigation. To facilitate effective response and recovery operations, the CEMP adopts a functional approach that groups the types of emergency assistance to be provided into Emergency Support Functions (ESFs) and groups recovery tasks into Recovery Functions (RFs).

Often, contractors are hired to work for, and in close coordination with, the jurisdiction's emergency management staff, to provide administrative, research, planning, publishing services and best practices required to develop a complete CEMP.

ESFs VERSUS ANNEXES

CPG 101 encourages use of the Target Capabilities List (TCLs) when developing a schedule of ESFs (or annexes) Quotes from CPG 101:

"The Target Capability List’s “Planning” common target capability provides guidance to jurisdictions on building the capacity to perform emergency planning."


"The Target Capabilities List (TCL) is a comprehensive catalog of capabilities (response functions) . . ."

"The Target Capabilities List, Respond Mission Area target capabilities for On-Site Incident Management and for EOC Management provide tasks and measures that are helpful for . . . (CEMP/EOC) . . . development . . ."

Regardless of what they are called, the schedule of ESF (or annexes) should encompass all of the emergency functions and tasks that will need to be performed by the community during disaster. A singular ESF analyzes a particular emergency function. The ESF is concerned with that emergency function and specifies the specific tasks to be done, who will do the tasks and if more than one agency/organization is involved, then how they will work together.

Quote from CPG 101:

"The EOP contains annexes and appendices appropriate to the jurisdiction’s organization and operations."

WHAT FORMAT TO USE (ESFs versus Functional Annexes)?

CPG 101 says it does not matter; choose what best works for you:

"(CPG 101) outlines a variety of formats that a jurisdiction could use for an EOP, to include a Functional format, an Emergency Support Function format, and an Agency/Department-Focused format. These format options come from EOPs used by State, Territorial, Local, and Tribal governments across the nation. No matter the source, these formats are, at best, suggestions ... for developing an EOP. "

"As the planning team begins to develop a new EOP, members must discuss what format is the most effective and easiest to use by their jurisdiction."

In short, "form follows function" in the sense that operational needs should help determine the EOP format a jurisdiction uses. The planning team may modify any of these formats to make the EOP fit the jurisdiction’s emergency management strategy, policy, resources, and capabilities.

AHC'S APPROACH

All Hands believes that Emergency Support Functions (ESFs) comprise the core response elements of a comprehensive emergency management plan and program. We work with each jurisdiction to ensure that their schedule of ESFs works for them.

Notional ESF schedule. (Note per CPG 101 jurisdictions are encouraged to develop an ESF schedule that best works for them)

ESF 1 Transportation

ESF 2 Communications; or Communications &Warning

ESF 3 Public Works & Engineering

• Debris Management (3.1)

ESF 4 Firefighting

ESF 5 Information, Analysis & Planning; or Emergency Management

• Managing Emergency Operations: Community Emergency Management System (5.1)

• Situation Analysis & Reporting (5.2)

• Alert, Warning, Notification (5.3)

• Military Support (5.4)

• Initial Disaster & Life Safety Assessment (5.5)

• Public Protection - Warning, Evacuation, Shelter (5.6)

ESF 6 Mass Care, Housing & Human Services

ESF 7 Resource Support (Management?)

• Food & Water (7.1)

ESF 8 Public Health (move EMS to separate ESF); or Public Health & Medical Services

ESF 9 Search & Rescue

ESF 10 Oil and Hazardous Materials

ESF 11 Agriculture & Natural Resources (or make this Food and Water)

ESF 12 Energy & Utilities

ESF 13 Public Safety & Security (law enforcement)

• Evacuation Traffic Management (13.1)

• Military Support (31.2)

ESF 14 Community Recovery & Mitigation (or make these programs separate annexes to CEMP)

ESF 15 Public Information

ESF 16 Volunteers & Donations

ESF 17 Animal Services

ESF 18 Special Needs Services

ESF 19 Finance & Administration

ESF 20 Information & Technology Services

ESF 21 Employee Assistance & Deployment

ESF 22 Damage Assessment

ESF 23 Emergency Medical Services

• Hospitals (23.1)

• Special Medical Needs (32.2)

ESF 24 Fatality Management (Coroner)

ESF 25 Business & Industry Coordination

Other ?

ADDITIONAL THOUGHTS

Emergency Operations Plan (EOP) versus CEMP

• An EOP is a response oriented operations plan (maybe includes recovery).

• A CEMP is a strategic document that is the blueprint for a jurisdiction's comprehensive emergency management program and as such contains the 4 phases of emergency management: mitigation, preparedness, response and recovery. An EOP is contained with a CEMP (it is the response element)

A CEMP/EOP Should:

• Serve the needs of a local jurisdiction first (emergencies/disasters are owned at the local jurisdiction level).

• Be all hazards.

• Be the "blueprint" for a jurisdiction's emergency management program and contain the 4 phases of emergency management.

• "Dovetail" with the next levels of government plans: region, state, federal as per CPG 101:

"National guidance and consensus standards expect that a jurisdiction’s plans will be coordinated and integrated among all levels of government and will consider critical infrastructure planning efforts. The NIMS and the NRF support a concept of layered operations. They recognize that many operations start at the local level, and, as needs exceed resources and capabilities, State, Regional, and Federal assets are applied. This approach means that planning must be vertically integrated to ensure that all response levels have a common operational focus."

AHC CEMP PLANNING PROCESS INCLUDES:

1. Obtain background information.

• Review existing plan(s), procedures, and relevant written materials and agree on which portions of the existing plan(s) are relevant.

• Review, research legal planning requirements and basis.

• Review all relevant laws, policies, guidelines to ensure plan compatibility and compliance.

• Determine relevance of state planning guidance.

2. Analyze current situation.

• Gain an understanding of how the jurisdiction is organized, and how it intends to function during emergency and disaster conditions.

3. Identification of hazards.

• Obtain existing community Hazard Vulnerability Assessment (HVA) to obtain knowledge of hazards facing the community. Summarize this information for inclusion in the Basic Plan.

• Determine and agree on best approach to integrate specific hazards concerns, i.e. schedule of special subjects appended to CEMP.

• Summarize mitigation data contained in the HVA (and from other sources) into CEMP Mitigation Section.

• Suggest mitigation strategies.

4. Determine City’s “Concept of Operations” to include:

• Use of ICS and EOC (ICS/EOC interface).

• Relationship of jurisdiction's emergency management program to higher levels of government, i.e. city to county; county to state..

• What emergency functions are performed by jurisdiction.

• Levels of emergency.

5. Determine CEMP structure, format, content.

• Present, review examples of "best practices."

• Develop CEMP outline (table of contents).

• Establish outline and format of Basic Plan.

• Determine schedule of emergency function annexes or ESFs.

• Establish common outline, format, content for emergency function annexes or ESFs.

• Determine and agree on best approach to including special functions and hazards of local concern.

• Determine which “special subjects” will be appended to CEMP. Develop list.

• Determine schedule of diagrams, charts, maps.

6. Identify planning process participants and development of planning process workbook.

• Determine which jurisdiction departments, agencies, organizations will be involved in the planning process, and exactly how the contractor will work with and through jurisdiction's Emergency Manager.

• Develop questionnaire/planning process workbook to be distributed to planning process participants.

• Collect questionnaire/planning process workbooks, compile information and data for inclusion into CEMP, Special Subjects Digest, and EOC Manual.

• Establish data collection filing system.

7. Develop an ESF "primary/support" responsibility matrix.

• Identify and list the plan participants (potential resource providers).

• Develop a matrix that will be used to identify and assess participation of the various agencies involved. (CEMP participants listed on one axis, and the schedule of ESFs listed on the other axis.)

• Fill in matrix. For each EFS indicate which agency will have the lead role (primary) and which agencies will be in a supporting role.

8. Design EOC organization chart (basis for the jurisdiction’s incident management system).

• Determine the EOC functions.

• Determine the sections, branches, units, and assign appropriate departments and EFSs to each.

• Summarize and include details in CEMP Basic Plan.

• NOTE: Organizational chart is the table of contents for the EOC Manual.

9. Establish computer protocols, i.e. central control, back-up system, etc.

• Set up files for the various CEMP parts/sections on computer.

10. Begin writing plan.

11. Produce a first draft of the CEMP.

• Determine what information, content is missing.

• Include first draft of charts, diagrams, other display items.

• Submit to jurisdiction's emergency management staff for comment.

12. Produce a second draft of the CEMP from comments received on first draft and submit to jurisdiction's emergency management staff for comment.

13. Prepare final draft, making appropriate changes as per comments received from jurisdiction's emergency management staff for comment.

• Review and suggest changes to final draft.

14. Produce and submit to jurisdiction's emergency management staff final electronic copies of plan both in "Word" and "PDF".

Sunday, January 3, 2010

All Hands Supports NY-NJ-CT-PA Regional Catastrophic Planning Efforts

COLUMBIA, MD - January 2, 2010 - All Hands Consulting (www.AllHandsConsulting.com), a emergency management and homeland security consulting firm, announced that it has been selected by the NY-NJ-CT-PA Regional Catastrophic Planning Team (RCPT), co-chaired by the New York City and Northern New Jersey Urban Area Working Groups, to provide ongoing services related to regional catastrophic planning.

The Indefinite Quantity Delivery Contract is for Professional Emergency Planning Services. "All Hands is excited about this opportunity to support the nation's largest metropolitan area," said All Hands President Steve Davis. "AHC has assembled a team that has incredible expertise in comprehensive emergency management, catastrophic event planning, training and exercises and real-life disaster management, as well as homeland security." AHC has provided similar services to the Miami and Fort Lauderdale Urban Area Security Initiative since its inception in 2003.

The All Hands team, which includes partner firms Tetra Tech and PBS&J, specializes in comprehensive approaches to emergency management and homeland security. "The combination of skills, knowledge and experience included on our team makes us uniquely qualified to support the Regional Catastrophic Planning Team," Davis said.

The RCPT is a steering committee that oversees a major all-hazards catastrophic planning effort funded through the Department of Homeland Security's Regional Catastrophic Planning Grant Program (RCPGP). The regional project site for New York City and Northern New Jersey also includes Long Island, several New York counties, and portions of Connecticut and Pennsylvania. Members of the RCPT represent the interests of stakeholders throughout their communities, including counties, cities, businesses, non-profit groups and volunteer efforts. One of the primary objectives of the RCPT is to create a foundation for ongoing regional collaboration in emergency management issues.

Since 1995, All Hands Consulting (a trade name for DavisLogic Inc.) has supported over 100 clients on comprehensive emergency management and planning projects for risk assessment, continuity of operations planning, strategic planning, capabilities assessments, and training and exercises. The firm has been hired by some of the country’s largest urban areas to develop comprehensive regional plans, including Miami/Fort Lauderdale and Los Angeles/Long Beach and has supported numerous planning, training, and exercise projects for federal, state and local government as well as the private sector.